Illegal Virtual Number Rental Service Created By New App
Here’s everything you need to know about fake Android apps on the Google Play Store and Apple App Store. And how best to avoid them; starting with the latest phony Play Store app to hit the cyber security news headlines: “Symoo”.
Most users considered the Google Play Store to be one of the safest Android app platforms. After all, it helps us discover amazing and fresh apps through its online and regularly monitored marketplace. However, a new danger lurks, every day, thus users must be mindful of fake apps that have taken the Google flagship store by storm.
Hackers are earning millions from the Google Play Store, with maliciously coded apps that are designed to steal users’ data – and in many cases – earn them revenues through adverts click marketing.
Threat actors are known to lure unsuspecting users with low pricing, other times their apps are completely free, with unrealistically high support claims to make their app look legitimate. There are millions of downloads from the Google Store, with most of them taking advantage of utilizing users’ Android devices to continually earn an income.
Fake Google Playstore App known as Symoo
“Symoo” is a fake SMS app found on the Playstore, with over 100,000 downloads, according to analytical reports. Though recently found, it has already resided on numerous Android devices, whey it utilizes an SMS relay technique that creates illegal account services linked to Instagram, Telegram, Facebook, and Microsoft.
According to several tech researchers, these infected devices were rented out as “virtual numbers”, completely unbeknown to their users. These numbers were then used to relay a one-time passcode, which could verify a user in the process of creating an account on various social media sites. Possibly as throwaway accounts to perform scams, hacks, and phishing campaigns.
The irony behind Symoo is that it has a whopping rating of 3.4 on the Playstore, despite numerous reviews warning it is fake. Some victims’ reviews even warned that the harmful app hijacked their phones, and generated multiple one-time passwords for various sites without their permission. Oddly enough, it is still available on the Google Play Store.
Symoo Illegal Virtual Number Rental Service
The cyber security team is still researching how this Google Play Store App was used to run the Illegal Virtual Number Rental Service. But, for now, when Symoo is successfully installed on an Android device, it requests access to read and send SMS. Of course, nothing seems out of the ordinary for the unsuspecting victim, as Symoo is marketed as an easy-to-use SMS app. It then asks the user to provide their phone number, then overlays a fake loading screen to show the progress of loading the app resources.
However, this extensively long loading screen is just a smoke front for criminal hackers to send multiple 2FA (two-factor authentication) SMS texts for multiple accounts created on popular social media platforms. The app itself then reads the messages, before relaying them back to the threat actors.
Once completed, the app freezes before it ever reaches the SMS interface. Users typically uninstall it once they realize that the interface doesn’t load properly. But unbeknownst to an unsuspecting victim, the hackers’ app had already illegal access and used their phone numbers on various platforms. Meanwhile, the victims now have to deal with the constant bombardment of one-time passcode messages from accounts they did not create.
Apparently, the behind-the-scenes virtual number service offers “online numbers” from more than 200 countries. These virtual numbers are rented for less than 50 cents for one-time use, which researchers have linked to software such as ActivationPW that makes this hacking campaign possible.
How to protect your data from malicious apps
You must avoid harmful apps that steal personal information when downloading apps from Google Play Store. Unfortunately, it is easier said than done with so many new applications uploaded each day.
So far, Google has a lot of catching to reach the Apple App Store’s level of security. Even though the Play Store is Android’s best bet at a safe application marketplace, finding fake apps among the thousands of apps uploaded every day is a little harder than finding a needle in a haystack.
There are only so many ways in which you can keep yourself safe from downloading these terrible apps. But the fortunate news is that you can protect your Android device from malware and other forms of cyber attacks that steal personal data.
The first thing you must research before downloading an app is the developer’s name, website, and online presence. If any available information seems strange, or especially in cases where not much information is available about the developers – chances are the app is linked to a malicious hacking group.
Watch out for fake app reviews
Next, the user should pay special attention to the reviews and ratings of the app. Research this step carefully, as some fake reviews can easily be set up or bought from freelancers. While there are several fake review detection apps, consumers must read all reviews, to ensure their validity. If in doubt, then you must definitely stay away from that app.
Of course, one should always avoid downloading applications from third-party app stores, as they most likely don’t have the same protections in place as Google Play or the Apple Store. It is a known fact, that a lot more fake apps run amok on unregulated marketplaces.
But if you have downloaded a fake app, you could manually remove it from your tech device. In addition, if you are not tech-savvy you could get a phone repair technician to remove all traces of the malicious app from your phone.
Last but not least, you must have a reliable mobile antivirus system in place. Ideally, it should be one that questions and prevents suspicious apps from getting installed on your Android device in the first place.